$OpenBSD: patch-src_truecrypt_fmt_plug_c,v 1.3 2015/01/18 11:57:22 sthen Exp $

From 61d7d8b0985a3015921df839c68cf42e49d72260 Mon Sep 17 00:00:00 2001
From: jfoug <jfoug@cox.net>
Date: Tue, 23 Dec 2014 06:28:40 -0600
Subject: [PATCH] truecrypt: fixed unified format. Fix #941

From 480e95b0e449863be3e1a5b0bc634a67df28b618 Mon Sep 17 00:00:00 2001
From: Solar <solar@openwall.com>
Date: Thu, 18 Dec 2014 21:24:01 +0100
Subject: [PATCH] Fix a bug in truecrypt for non-x86 archs. Closes #912.

--- src/truecrypt_fmt_plug.c.orig	Thu Dec 18 00:59:02 2014
+++ src/truecrypt_fmt_plug.c	Sat Jan 17 07:38:39 2015
@@ -235,18 +235,24 @@ static void* get_salt(char *ciphertext)
 	return s;
 }
 
-/***********************************************************************************************************
- * we know first sector has Tweak value of 0. For this, we just AES a null 16 bytes, then do the XeX using
- * the results for our xor, then modular mult GF(2) that value for the next round.  NOTE, len MUST
- * be an even multiple of 16 bytes.  We do NOT handle CT stealing.  But the way we use it in the TC format
- * we only decrypt 16 bytes, and later (if it looks 'good'), we decrypt the whole first sector (512-64 bytes)
- * both which are even 16 byte data.
- * This code has NOT been optimized. It was based on simple reference code that I could get my hands on.  However,
- * 'mostly' we do a single limb AES-XTS which is just 2 AES, and the buffers xored (before and after). There is
- * no mulmod GF(2) logic done in that case.   NOTE, there was NO noticable change in speed, from using original
- * oSSL EVP_AES_256_XTS vs this code, so this code is deemed 'good enough' for usage in this location.
- ***********************************************************************************************************/
-static void AES_256_XTS_first_sector(const unsigned char *double_key, unsigned char *out, const unsigned char *data, unsigned len) {
+/*****************************************************************************
+ * we know first sector has Tweak value of 0. For this, we just AES a null 16
+ * bytes, then do the XeX using the results for our xor, then modular mult
+ * GF(2) that value for the next round.  NOTE, len MUST be an even multiple of
+ * 16 bytes.  We do NOT handle CT stealing.  But the way we use it in the TC
+ * format we only decrypt 16 bytes, and later (if it looks 'good'), we decrypt
+ * the whole first sector (512-64 bytes) both which are even 16 byte data.
+ * This code has NOT been optimized. It was based on simple reference code that
+ * I could get my hands on.  However, 'mostly' we do a single limb AES-XTS which
+ * is just 2 AES, and the buffers xored (before and after). There is no mulmod
+ * GF(2) logic done in that case.   NOTE, there was NO noticable change in
+ * speed, from using original oSSL EVP_AES_256_XTS vs this code, so this code
+ * is deemed 'good enough' for usage in this location.
+ *****************************************************************************/
+static void AES_256_XTS_first_sector(const unsigned char *double_key,
+                                     unsigned char *out,
+                                     const unsigned char *data,
+                                     unsigned len) {
 	unsigned char tweak[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 	unsigned char buf[16];
 	int i, j, cnt;
@@ -310,8 +316,8 @@ static int crypt_all(int *pcount, struct db_salt *salt
 			pbkdf2_sha512_sse((const unsigned char **)pin, lens, psalt->salt, 64, psalt->num_iterations, &(x.poutc), sizeof(key), 0);
 		}
 #else
-		if (is_sha512)
-			pbkdf2_sha512((const unsigned char*)key_buffer[i], strlen(key_buffer[i]), psalt->salt, 64, num_iterations, key, sizeof(key), 0);
+		if (psalt->hash_type == IS_SHA512)
+			pbkdf2_sha512((const unsigned char*)key_buffer[i], strlen((char*)key_buffer[i]), psalt->salt, 64, psalt->num_iterations, key, sizeof(key), 0);
 #endif
 		else if (psalt->hash_type == IS_RIPEMD160)
 			pbkdf2_ripemd160(key_buffer[i], strlen((char*)(key_buffer[i])), psalt->salt, 64, psalt->num_iterations, key, sizeof(key), 0);
@@ -463,8 +469,13 @@ struct fmt_main fmt_truecrypt = {
 		BINARY_ALIGN,
 		SALT_SIZE,
 		SALT_ALIGN,
+#if SSE_GROUP_SZ_SHA512
+		SSE_GROUP_SZ_SHA512,
+		SSE_GROUP_SZ_SHA512,
+#else
 		MIN_KEYS_PER_CRYPT,
 		MAX_KEYS_PER_CRYPT,
+#endif
 		FMT_CASE | FMT_8_BIT | FMT_OMP,
 #if FMT_MAIN_VERSION > 11
 		{
